[VoiceOps] Phone auth for incoming calls?
Brandon Martin
lists.voiceops at monmotha.net
Thu Aug 9 21:47:35 EDT 2018
On 08/09/2018 04:46 AM, Alex Balashov wrote:
> Yes, but until and unless your upstream supply chain is doing TLS and
> you can provide end-to-end security, it's a pointless waste of time.
There's also an argument to be made that I haven't seen brought up for
protecting SIP registration credentials either by providing transport
confidentiality for a conventional password/secret or by using TLS
client certificates. If you're at all worried about an adversary
observing your actual comms, I'd be doubly worried about somebody
stealing registration credentials and abusing them.
--
Brandon Martin
More information about the VoiceOps
mailing list